Monday, 27 August 2012

Even “Spike” can’t control his online privacy. Tough.

So, that’s it then. While we await for Lord Leveson to report on the relationship between the media and the police, the elephant in the room has reminded us all that we really need to redefine the term “privacy” if individuals are to every have any meaningful control over their own on-line privacy.

The Human Rights Act, as currently drafted, has probably had it. No-one really knows how draw a firm line between the right to self expression and the right to privacy in respect of one’s family life, home and correspondence. And, worse, the controls which do exist don’t appear to be very effective

It has been reported that poor “Spike Wells” has recently had to delete his Facebook account because of media speculation that he wasn’t actually born with that name. Apparently, he’s an army officer – and the army really don’t like it when their officers behave in a way that tarnishes the reputation of other servicemen. When I attended the Royal Military Academy at Sandhurst, the message was pretty clear. When you become an army officer, and are presented with your Commission, signed by The Queen, you are required to adopt behavioural traits that others might not necessarily wish to follow, but they would certainly respect.

Does this mean that much will happen as the usual suspects continue to review the proposals to revise the current Data Protection Directive? Increasingly, I’m turning to the view what whatever emerges from Europe probably won’t have much of an impact on the way we all lead our lives, anyway. Those that wish to comply with whatever legal requirements are passed probably will. And those that don’t understand the requirements (possibly because they are too complicated), and those that see view the requirements as an irrelevance and can’t be bothered to comply (possibly because they interfere with a more pressing business need) probably won’t.

And the regulators? Well, given the huge pressure on the public finances all over Europe, I can’t see that they will actually be granted the resources that really will be sufficient to enable them to properly carry out their statutory functions. But they'll continue to exist so that they can be blamed if anything really awful goes wrong.

So who will really control those who occasionally "misbehave"?

I suspect that what will happen is, first, that people will be given the benefit of the doubt. They are nice people, really. Then, occasionally, something awful will go wrong. Facts (and images) will emerge about individuals and events which put them in a different light from the perception that people may previously have had about that individual or event. Journalists will continue to expose material that entertains, informs and outrages the public. And this continued exposure may well help prevent some of the more unruly bunch from acting so outrageously anyway. Neither money, privilege nor even a threat of violence will prevent the oxygen of publicity that Facebook, twitter or the press can generate when data finds its way into the internet. Think of the Arab Spring. It’s how citizens have changed whole systems of government.

Eventually, the more enlightened individuals will realise that it was largely their own fault that their reputations have been affected by the digital information which had been created about them. So often, they created this information themselves. And, in time, they will learn lessons from this - either by trying to remove the more embarrassing parts of their digital lives from the internet, or by ensuring that such behaviours occur in an analogue world, rather than a digital world.

Camera phones will be left in coat pockets.

And the unenlightened souls will continue to behave in a way that occasionally entertains or shocks the public, as some of their exploits become known to a much wider group of people than they ever originally anticipated.

Dai Davies, a former head of royal protection for Scotland Yard, has recently been reported as saying: “From a security point of view I would never recommend anyone high-profile to have a Facebook account because, depending what you have on it, it is indicative sometimes of where you are going, what you are doing, and more importantly, who your friends are.”

I would go one step further than that, and remind people of the dangers of storing their most private digital information in the cloud, or in any electronic environment that they can’t themselves control. You are only going to get true peace of mind when you can physically lay your own hands on those digital assets. And no amount of European data protection regulation is likely to convince me that others really can be trusted to look after my most highly cherished assets.

About Me

I'm Martin Hoskins, and I write this blog to offer somewhat of an irreverent approach to data protection issues. I'm not one of the "high priests" of data protection. I prefer the principles of transparency, fairness, practicality and risk-assessment over tedious technical dogma. In my view, when the law is unfair or impractical, it should be queried.
While I may, occasionally, gently criticise various organisations with which I am or have been associated, I write here in an entirely personal capacity. My comments should never be taken to represent anyone else's views about any of the pressing issues of the day.
There is a much more serious side to my privacy consulting work, but for that you'll need to contact me at Grant Thornton UK LLP, where I'm an Associate Director, leading the UK privacy practice.
I tweet as @DataProtector.
You can contact me at:
martin.c.hoskins@uk.gt.com, or (with respect to my less serious posts) info@martinhoskins.com.